Op 11/10/2016 om 10:05 AM schreef Teemu Huovila: > > On 09.11.2016 23:36, Brad Koehn wrote: >> I have discovered that many times the virus definitions I use for scanning >> messages (ClamAV, with the unofficial signatures >> http://sanesecurity.com/usage/linux-scripts/) are updated some time after my >> server has received an infected email. It seems the virus creators are >> trying to race the virus definition creators to see who can deliver first; >> more than half of the infected messages are found after they’ve been >> delivered. Great. >> >> To help detect and remove the infected messages after they’ve been delivered >> to users’ mailboxes, I created a small script that iterates the INBOX and >> Junk mailbox directories, scans recent messages for viruses, and deletes >> them if found. The source of my script (run via cron) is here: >> https://gitlab.koehn.com/snippets/9 >> >> Unfortunately Dovecot doesn’t like it if messages are deleted (dbox) out >> from under it. I tried a doveadm force-resync on the folder containing the >> messages, but it seems Dovecot is still unhappy. At least on the new version >> (2.2.26.0) it doesn’t crash; 2.2.25 would panic and coredump when it >> discovered messages had been deleted. >> >> I’m wondering if there’s a better way to scan recent messages and eradicate >> them so the Dovecot isn’t upset when it happens. Maybe using doveadm search? >> Looking for suggestions. > The removal should if possible be done with the doveadm cli tool or using the > doveadm http api.
Still, Dovecot should handle external removal of messages gracefully. What exactly happens? Regards, Stephan.
